Network Settings¶
Network connections used by Remote Services¶
To use the "Remote Services" application, access to Insights Hub is required to log into the tenant and to access supporting applications like "Settings", "Asset Management" and "MindConnect Agent" UIs.
In order to connect a Service Network with a Factory Network, Remote Services establishes two encrypted tunnels:
- A tunnel between the Service Network and the Insights Hub Backend. This tunnel is established by the Service Endpoint.
- A tunnel between the Factory Network and the Insights Hub Backend. This tunnel is established by the Device Endpoint.
RS uses the WebSocket Secure (WSS) protocol for these tunnels.
Configuration Guidelines for Firewalls¶
In case a firewall is used, the following configurations are needed to enable access to and from the network locations that are used for Remote Services.
For Outbound traffic:
-
Destination Server Port: 443
-
URLs to be white listed for Remote Services:
- https://connectivity.eu1.vpnrts.mindsphere.io/uaa/oauth/token
- https://s3restriction.eu1.vpnrts.mindsphere.io:443
- https://wss.eu1.vpnrts.mindsphere.io:443/mts/
- https://wss.eu1.vpnrts.mindsphere.io:443/ccf/
-
Access to Insights Hub domain must be whitelisted:
- *.eu1.mindsphere.io
-
Protocol WebSocket Secure (WSS)
For Inbound Traffic:
- Protocol WebSocket Secure (WSS)
Configuration Guidelines for Network Proxies¶
In case a proxy is used, the following configurations are needed to enable access to and from the network locations that are used for Remote Services:
For Outbound traffic:
-
Destination Server Port: 443
-
URLs to be whitelisted:
- https://connectivity.eu1.vpnrts.mindsphere.io/uaa/oauth/token
- https://s3restriction.eu1.vpnrts.mindsphere.io:443
- https://wss.eu1.vpnrts.mindsphere.io:443/mts/
- https://wss.eu1.vpnrts.mindsphere.io:443/ccf/
-
Access to Insights Hub domain must be whitelisted:
- *.eu1.mindsphere.io
-
Protocol WebSocket Secure (WSS)
Proxy timeout settings¶
The value of the proxy timeout setting determines the maximum duration a WSS session will remain active. Hence, this value must be greater or equal than the desired session time out that is configured in the Connector setup for a specific connection.